How to Install Fail2Ban on Ubuntu 16.04

r00t November 29, 2017


In this tutorial we will show you how to install Fail2Ban on Ubuntu 16.04. We will also install and configure its prerequisites. Fail2Ban is a free and open source intrusion prevention tool written in the Python programming language that can be used to protect servers from various kinds of attacks. It works by continuously monitoring log files (Apache, SSH) and running scripts in response to what it finds there. It is mostly used to block IP addresses that are trying to breach the system's security, such as any address that makes lots of illegitimate login attempts. Fail2Ban blocks the malicious IP address for a time limit defined by the administrator, and it can be configured to send email notifications when someone is attacking your server. Its main purpose is to scan the log files of a variety of services, such as SSH, FTP, SMTP and Apache, and block the IP addresses that produce too many password failures.

I recommend using a minimal Ubuntu server setup as the basis for this tutorial. That can be a virtual or root server image with an Ubuntu 16.04 minimal install from a web hosting company, or you can use our minimal server tutorial to install a server from scratch.

Install Fail2Ban on Ubuntu 16.04

Step 1. First, ensure your system and apt package lists are fully up-to-date by running the following:

apt-get update -y
apt-get upgrade -y

Step 2. Installing Fail2ban.

Fail2ban is available in the default Ubuntu 16.04 package repository, so you can install it by running the following command:

apt-get install fail2ban

Step 3. Configure Fail2Ban.

You can use Fail2Ban with any service that writes log files, such as Apache or FTP. The configuration for different services can be found in /etc/fail2ban/jail.local. You can change these settings by adding the appropriate lines to /etc/fail2ban/jail.local:

nano /etc/fail2ban/jail.local

Add the following lines:

##To block failed login attempts use the below jail.
[apache]
enabled = true
port = http,https
filter = apache-auth
logpath = /var/log/apache2/*error.log
maxretry = 3
bantime = 600
ignoreip = 192.168.15.189
 
##To block the remote host that is trying to request suspicious URLs, use the below jail.
[apache-overflows]
enabled = true
port = http,https
filter = apache-overflows
logpath = /var/log/apache2/*error.log
maxretry = 3
bantime = 600
ignoreip = 192.168.15.189
 
##To block the remote host that is trying to search for scripts on the website to execute, use the below jail.
[apache-noscript]
enabled = true
port = http,https
filter = apache-noscript
logpath = /var/log/apache2/*error.log
maxretry = 3
bantime = 600
ignoreip = 192.168.15.189
 
##To block remote hosts whose requests come from known malicious bots, use the below jail.
##The apache-badbots filter matches User-Agent strings, which Apache writes to the access log, not the error log.
[apache-badbots]
enabled = true
port = http,https
filter = apache-badbots
logpath = /var/log/apache2/*access.log
maxretry = 3
bantime = 600
ignoreip = 192.168.15.189
 
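##To stop a DoS attack from a remote host.
##The http-get-dos filter is not shipped with the fail2ban package: this jail needs a filter file at
##/etc/fail2ban/filter.d/http-get-dos.conf, otherwise fail2ban reports an error for it when loading the configuration.
[http-get-dos]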
enabled = true
port = http,https
filter = http-get-dos
logpath = /var/log/apache*/access.log
maxretry = 400
findtime = 400
bantime = 200
ignoreip = 192.168.15.189
action = iptables[name=HTTP, port=http, protocol=tcp]
 
##To block the failed login attempts on the SSH server, use the below jail.
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
bantime = 600
ignoreip = 192.168.15.189

Save the file and restart the fail2ban service:

systemctl restart fail2ban
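
The [ssh] jail above bans a host after maxretry = 3 failures, lifts the ban after bantime = 600 seconds and never bans the ignoreip address. The following Python sketch is an added example, not part of the original tutorial and not Fail2Ban's own code: it replays constructed auth.log lines through a simplified model of that logic. The function name simulate_jail, the regex and the findtime of 600 seconds are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Simplified pattern for sshd password failures (not the shipped sshd filter).
FAILED = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

# Constructed sample lines in auth.log format, using documentation addresses.
SAMPLE_LOG = """\
Nov 29 10:00:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 50122 ssh2
Nov 29 10:00:04 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2
Nov 29 10:00:05 web1 sshd[2105]: Failed password for root from 192.168.15.189 port 40010 ssh2
Nov 29 10:00:06 web1 sshd[2105]: Failed password for root from 192.168.15.189 port 40010 ssh2
Nov 29 10:00:07 web1 sshd[2105]: Failed password for root from 192.168.15.189 port 40010 ssh2
Nov 29 10:00:09 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 50124 ssh2
Nov 29 10:02:00 web1 sshd[2130]: Failed password for bob from 198.51.100.20 port 61000 ssh2
Nov 29 10:20:00 web1 sshd[2190]: Failed password for bob from 198.51.100.20 port 61002 ssh2
Nov 29 10:20:30 web1 sshd[2191]: Accepted password for bob from 198.51.100.20 port 61004 ssh2
"""

def simulate_jail(log, maxretry=3, bantime=600, findtime=600,
                  ignoreip=("192.168.15.189",), year=2017):
    """Return [(ip, banned_at, unbanned_at)] for one jail's settings.
    findtime=600 is an assumption (the page's [ssh] jail does not set it);
    year is supplied because syslog timestamps do not carry one."""
    failures = defaultdict(deque)  # ip -> timestamps of recent failures
    banned_until, bans = {}, []
    for line in log.splitlines():
        m = FAILED.match(line)
        if not m or m.group(2) in ignoreip:
            continue  # not a failure, or a whitelisted address
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ts < banned_until.get(ip, ts):
            continue  # still banned: the firewall would drop this host
        window = failures[ip]
        window.append(ts)
        while ts - window[0] > timedelta(seconds=findtime):
            window.popleft()  # forget failures older than findtime
        if len(window) >= maxretry:
            banned_until[ip] = ts + timedelta(seconds=bantime)
            bans.append((ip, ts, banned_until[ip]))
            window.clear()
    return bans

if __name__ == "__main__":
    for ip, start, end in simulate_jail(SAMPLE_LOG):
        print(f"ban {ip} from {start:%H:%M:%S} until {end:%H:%M:%S}")
```

With the page's settings only 203.0.113.7 is banned: 192.168.15.189 is skipped by ignoreip, and the two failures from 198.51.100.20 are too far apart to fall inside one findtime window.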

Congratulations! You have successfully installed and configured Fail2Ban on your Ubuntu 16.04 server. Thanks for using this tutorial for installing Fail2Ban on an Ubuntu 16.04 LTS (Xenial Xerus) system.
